Security Magazine: What education or certification(s) can support a successful career in cybersecurity?

Jenkins: As a hiring manager for more than 20 years, I recognize and appreciate that having a degree or being “certified” is not necessarily indicative of knowledge, skill, or long‑term success. I have hired several candidates — and worked with many colleagues — who had no formal credentials to speak of, yet they were highly skilled and successful in their fields.

That said, having one or more degrees or certifications related to your career — in this case, cybersecurity — does imply a certain level of foundational knowledge, discipline, and the ability to synthesize information. Relevant education and certifications also help establish a shared vernacular and common thought processes, which creates useful points of reference when working with others in the same professional domain.

Education that supports a successful career in cybersecurity, even if not explicitly labeled as such, includes related technical and engineering disciplines such as computer science, information technology, computer engineering, and electrical engineering. Useful corollaries include business- and policy‑oriented education in areas like information systems, business administration, and even privacy or technology law.

Certifications include the obvious examples — CISSP, CISM, CRISC, CompTIA Security+, and others. Ultimately, what matters most to me as a hiring manager is hands‑on experience, demonstrated skills, certifications that align to the role, and the relevance of a candidate’s educational background.

Aspiring leaders must also know how to build trust — both with their teams and with executive leadership. These capabilities are not ‘nice to have’; they are foundational skills for anyone seeking to lead effectively in cybersecurity.

Security: What “soft skills” should aspiring security leaders develop?

Jenkins: Negotiation, compromise, and the ability to establish and maintain a network of peers, mentors, and mentees are critical soft skills for aspiring security leaders. Equally important is the ability to translate technical risk into business impact, which is often nuanced and context sensitive. Can you communicate risk in a way that is transparent and honest, yet pragmatic rather than alarmist?

Aspiring leaders must also know how to build trust — both with their teams and with executive leadership. These capabilities are not “nice to have”; they are foundational skills for anyone seeking to lead effectively in cybersecurity.

Security: How can aspiring security leaders strategically network in order to develop their skills and career?

Jenkins: Aspiring leaders should take advantage of opportunities to join relevant professional organizations. Groups such as ISC2, ISSA and ISACA are strong examples of organizations that are technical in nature and provide meaningful opportunities for learning and networking.

When practical, security professionals should also participate in, contribute to, and join leadership‑oriented organizations. Active engagement — rather than passive membership — is what ultimately drives both professional growth and career advancement.

Security: Are there any “out of the box” approaches to developing your career that you would recommend, such as volunteering or building a strong social media presence?

Jenkins: You nailed it by mentioning both volunteering and social media activities. Volunteering for causes or initiatives of interest — particularly (but not exclusively) those related to cybersecurity — can be an effective way to hone the soft skills we have been discussing, while also creating networking opportunities in unexpected places.

Building a strong social media presence comes naturally for some, while others must be much more intentional about it. If you work in an organization with an established marketing or communications team, it is wise to consult with them so your efforts support broader organizational objectives while also strengthening your professional reputation.

Whether you are blogging, podcasting, or writing articles for publication, one point is especially important: be genuine. Remain true to who you are. Creating a façade — a persona that does not fully represent you — will ultimately undermine what you are trying to accomplish professionally.